Has your site got the 3 basic security measures?

Written by Gim Yeap


Continued from page 1

Some HTML editors already set this while it creates a page, but those of you who have older HTML editors or like me, like to coderepparttar page from scratch will need to includerepparttar 132110 following line in our HTML pages: < META http-equiv="Content-Type" content="text/html; charset=IS0-8859-1"> It should go as high as possible on your webpage, I normally place it just afterrepparttar 132111 < /head> tag, beforerepparttar 132112 < title> tag. This META tag tellsrepparttar 132113 browser to userepparttar 132114 "ISO-8859-1" character set, which is suitable for most Western European languages, rather than letrepparttar 132115 browser choose it's own character encoding, which may or may not be ISO-8859-1.

Why is it important to explicitly set it? The character encoding basically tells browsers how to display a particular character. For example, inrepparttar 132116 ISO-8859-1character set, "A" representsrepparttar 132117 letter "A" while "©" represents repparttar 132118 copyright symbol "" (You can try this out by typing < p>A< /p> or < p>©< /p> in a html file then call it up on a browser). Some character sets, have more than one representation for special characters such as "<" or ">", so your filter program may not toss out allrepparttar 132119 representations ofrepparttar 132120 character you have asked it to exclude. So when it serves a new page back torepparttar 132121 browser,repparttar 132122 browser, because it has not been told what encoding to use, can still readrepparttar 132123 malicious script intact.

So there you have it, 3 steps that should be incorporated into every website. Use them as a base to further build on. Because every site is different, you (orrepparttar 132124 security consultant you hire) will need to assess your site's own vulnerabilities and implement appropriate security measures. To do this you need to take into account your site's risk factor, your budget and your available resources.

On a final note, I'd like to stressrepparttar 132125 importance of keeping up withrepparttar 132126 latest threats and developments in site security. A good site for checking out security alerts isrepparttar 132127 CERT Coordination Center http://www.cert.org/nav/index.html or better yet sign up for their Security Advisory that is sent via email.

Gim Yeap Email : gim@payingads.com Site : www.payingads.com


Redirect Worms Away

Written by Richard Lowe


Continued from page 1

The Apache web server provides a feature called .htaccess, which provides commands to control a web site. This file is very obscure and extremely useful when used properly. You have to be careful when editing .htaccess files, as a small mistake can make your web site stop working. What I like to do is immediately testrepparttar site to be sure it works.

Be sure not to makerepparttar 132109 mistake that I made once - I browsed to my site, saw thatrepparttar 132110 home page came up, and went to work. Later, I found it was not working but appeared to work becauserepparttar 132111 home page was stored in my browser cache. Thus I learned a simple lessonrepparttar 132112 hard way: always hitrepparttar 132113 refresh key ofrepparttar 132114 browser when testing .htaccess changes.

I did a little research and testing, and addedrepparttar 132115 following lines to my .htaccess file.

redirect /scripts http://www.stoptheviruscold.invalid redirect /MSADC http://www.stoptheviruscold.invalid redirect /c http://www.stoptheviruscold.invalid redirect /d http://www.stoptheviruscold.invalid redirect /_mem_bin http://stoptheviruscold.invalid redirect /msadc http://stoptheviruscold.invalid RedirectMatch (.*)cmd.exe$ http://stoptheviruscold.invalid$1

These lines did exactly what I wanted them to do - they stoppedrepparttar 132116 virus from creating 404 errors in my log file, and they prevented my 404 error page from being triggered, thus creating lots of useless bandwidth utilization. There is still some bandwidth used, obviously, but it is far less than it would have been. The load onrepparttar 132117 server is also considerably reduced, which should make my web hosting company happy.

Note that log file entries are still made byrepparttar 132118 various worms as they attempt to penetraterepparttar 132119 server. These entries do now show as errors, which makes it easier to pick out real errors fromrepparttar 132120 logs.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.


    <Back to Page 1
 
ImproveHomeLife.com © 2005
Terms of Use